CVE-2016-1000339

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
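One way to check a code base against this advisory is sketched below as an added example (not code from the advisory or from Bouncy Castle): it flags bcprov jars at version 1.55 or earlier and Java source lines that instantiate or import AESFastEngine directly. The jar naming patterns, function names and sample inputs are assumptions made for the illustration.

```python
import re

# Assumed artifact naming: Maven style (bcprov-jdk15on-1.55.jar) and
# download style (bcprov-jdk15on-155.jar). Other packagings are not handled.
JAR_RE = re.compile(r"bcprov(?:-ext)?-jdk\w+-(\d)\.?(\d{2})(?:\.\d+)?\.jar$")
FAST_ENGINE_RE = re.compile(r"\bAESFastEngine\b")
LAST_AFFECTED = (1, 55)  # per the advisory: 1.55 and earlier


def jar_version(name):
    """Return (major, minor) parsed from a bcprov jar name, or None."""
    m = JAR_RE.search(name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def jar_affected(name):
    """True/False for a recognised bcprov jar, None if the name is not bcprov."""
    v = jar_version(name)
    return None if v is None else v <= LAST_AFFECTED


def fast_engine_lines(source):
    """1-based line numbers in Java source that reference AESFastEngine."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if FAST_ENGINE_RE.search(line)]


def audit(jars, sources):
    """Collect findings for jar names and a {path: java_source} mapping."""
    findings = []
    for jar in jars:
        if jar_affected(jar):
            findings.append(f"{jar}: AESFastEngine is the provider's primary AES engine")
    for path, text in sources.items():
        for n in fast_engine_lines(text):
            findings.append(f"{path}:{n}: explicit AESFastEngine use")
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE_JARS = ["bcprov-jdk15on-1.55.jar", "bcprov-jdk15on-156.jar", "guava-19.0.jar"]
SAMPLE_SOURCES = {"Crypto.java": (
    "import org.bouncycastle.crypto.engines.AESFastEngine;\n"
    "import org.bouncycastle.crypto.modes.GCMBlockCipher;\n"
    "GCMBlockCipher c = new GCMBlockCipher(new AESFastEngine());\n")}

if __name__ == "__main__":
    for finding in audit(SAMPLE_JARS, SAMPLE_SOURCES):
        print(finding)
```

Source hits matter even on 1.56 and later, since the advisory still limits AESFastEngine to cases where it is otherwise deemed appropriate.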